SolarWinds hack calls for stronger cyber-security measures in Canadian manufacturing

PHOTO: FOTOLIA

On Dec. 8, 2020, FireEye, a US cybersecurity company, revealed a significant data breach effecting a number of industries and organizations. The SolarWinds hack was a cyberattack perpetrated by various hackers to access crucial data and information through a software update laden with malware. 18,000 of SolarWinds’ 33,000 clients were compromised by the cyberattack. The hackers gained access to the data through a weaponized software update, which was a masquerade to install malware that could sift through personal data.

As data breaches continue to become more sophisticated, it is becoming more difficult to distinguish between legitimate software updates and malware. A recent phishing simulation was sent out to organizations in a variety of industries by Terranova Security, a cybersecurity training and awareness group, to ascertain companies’ abilities to defend against a cyber-attack. The results were discouraging.

Phishing has been described as the fraudulent practice of sending emails purporting to be from reputable sources to induce an individual to reveal personal or private information. A global study tested manufacturing executives and employees on their abilities to detect a phishing scam. The Phishing Benchmark Global Report by Terranova Security found that 22% of employees in the manufacturing industry would fall victim to a phishing email and click on the included malicious link, and a further 69% of clickers would go on to provide a hacker with their credentials.

The study was distributed to hundreds of companies globally and showed startling findings in the wake of an increasing number of data breaches at large corporations.

“The quality of phishing scams has improved over the last year. The complexity of messages have also become much more sophisticated, and scammers and attackers are able to better replicate authentic messages and web sites.” said Theo Zafirakos, CISO at Terranova Security.

Theo Zafirakos also provided a number of helpful tips to help protect manufacturing industry employees from cyber-attacks and increase their security. Theo listed three key tips for industry leaders:

• Take the time to validate any email request, look for the email address and make sure every character is valid and correct
• Verify whether the message itself is asking you to bypass standard processes or procedures
• If you see something suspicious, make sure to report it, so no one else falls to the scam and you can defend the whole organization

Theo also stressed the importance of having a proper cyber-security awareness program in place to defend and educate against data breaches and phishing attacks.

Companies should have a security awareness program in place to help educate their employees to defend against these types of attacks.”

A noteworthy find in the Global Report was an 11% point increase in the overall number of users who improperly submitted their credentials at 13% compared to 2019, when just 2% of users submitted credentials.

“The pandemic and the nature of a work-from-home environment has increased the number of users working in a virtual environment, and definitely played into the increased number of users submitting their credentials in an unsafe manner. Scammers are also preying on people’s desperation for a vaccine, and using COVID-19 testing and vaccine promises as part of their scams to secure login credentials.” Theo said.

The study also found that less than half of manufacturing industry clients tested had a cyber-security program in place, and the number of people who clicked and submitted their details were higher than the average in other industries, stressing the need for a security education within the industry.